<!doctype html>


<html>
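<head>
  <!-- The encoding is declared before any other head content, using the
       canonical "utf-8" label, so the parser never has to guess how to decode
       the title, scripts or body text. -->
  <meta charset="utf-8">
  <title>sanitizer.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <!-- Page-level settings. NOTE(review): presumably read by static/js/doc.js,
       so they stay ahead of it; confirm against that script. -->
  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js"></script>
</head>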

<body onload="grokdoc.onLoad();">

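<!-- Page banner: link back to the documentation index and the class/file lookup field. -->
<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <!-- The visible caption is a real label bound to the field, so the
             input has an accessible name; the id "ac" is unchanged. -->
        <label for="ac"><strong>Go to class or file:</strong></label>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>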





<div class="colmask rightmenu">
<div class="colleft">
    <div class="col1">
      <!-- Column 1 start -->

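<!-- File heading, overview and links to the source listing. -->
<div id="title">
  <span class="fn">sanitizer.js</span>
</div>

<div class="g-section g-tpl-75-25">
  <div class="g-unit g-first" id="description">
    <span class="nodesc">No description.</span>
  </div>

  <div class="g-unit" id="useful-links">
    <div class="title">Useful links</div>
    <ol>
      <li><a href="local_closure_goog_labs_html_sanitizer.js.source.html"><span class="source-code-link">Source Code</span></a></li>
      <!-- Off-site link: requested over https so the source listing cannot be
           altered in transit. -->
      <li><a href="https://code.google.com/p/closure-library/source/browse/local/closure/goog/labs/html/sanitizer.js">Git</a></li>
    </ol>
  </div>
</div>

<h2 class="g-first">File Location</h2>
<div class="g-section g-tpl-20-80">
  <div class="g-unit g-first">
    <div class="g-c-cell code-label">/goog/labs/html/sanitizer.js</div>
  </div>
</div>
<hr>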


  <h2>Classes</h2>
  <!-- Classes listed for this file; the link leads to the class's own reference page. -->
  <div class="fn-constructor">
    <a href="class_goog_labs_html_Sanitizer.html">goog.labs.html.Sanitizer</a><br>
    <div class="class-details">
      A sanitizer that converts untrusted, messy HTML into more regular HTML
      that cannot abuse high-authority constructs like the ability to execute
      arbitrary JavaScript.
    </div>
  </div>

  <br>

  <!-- Key for the access markers: each empty "key" span is a swatch for the
       label that follows it. NOTE(review): presumably matched to the "access"
       cell of every entry row; confirm against doc.css. -->
  <div class="legend">
        <span class="key publickey"></span><span>Public</span>
        <span class="key protectedkey"></span><span>Protected</span>
        <span class="key privatekey"></span><span>Private</span>
  </div>









<!-- Entry table that holds no rows for this file. -->
<div class="section">
  <table class="horiz-rule"></table>
</div>




  <h2>Global Functions</h2>





<div class="section">
  <table class="horiz-rule">


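     <!-- chain_: private entry that composes two attribute rewriters.
          Per the Returns text below, a null result from f makes the whole
          chain null. NOTE(review): null looks like the rejection value
          (checkUrl_ returns it for unsafe URLs); confirm in sanitizer.js. -->
     <tr class="even entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.chain_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">chain_<span class="args">(<span class="arg">f</span>,&nbsp;<span class="arg">g</span>)</span>
           </span>
           &#8658; <span class="type">goog.labs.html.AttributeRewriter</span>
         </div>

         <div class="entryOverview">
           Chains attribute rewriters.
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Arguments: </b>
             <table class="horiz-rule">
               <tr class="even">
                 <td>
                   <span class="entryName">f</span>
                   : <span class="type">goog.labs.html.AttributeRewriter</span>
                   <div class="entryOverview"><span class="nodesc">No description.</span></div>
                 </td>
               </tr>
               <tr class="odd">
                 <td>
                   <span class="entryName">g</span>
                   : <span class="type">goog.labs.html.AttributeRewriter</span>
                   <div class="entryOverview"><span class="nodesc">No description.</span></div>
                 </td>
               </tr>
             </table>
           </div>

           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span class="type">goog.labs.html.AttributeRewriter</span>&nbsp;
             a function that returns g(f(x)), or null if f(x) is null.
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line306">code &raquo;</a>
       </td>
     </tr>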


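     <!-- checkUrl_: private entry that vets URL attribute values; a null
          result means the value was not accepted as a safe URL. -->
     <tr class="odd entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.checkUrl_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">checkUrl_<span class="args">(<span class="arg">attrValue</span>)</span>
           </span>
           &#8658; <span class="type">goog.html.SafeUrl </span><span>&nbsp;|&nbsp;</span><span class="type"> null</span>
         </div>

         <div class="entryOverview">
           Applied automatically to URL attributes to check that they are safe as per
           <code>SafeUrl</code>.
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Arguments: </b>
             <table class="horiz-rule">
               <tr class="even">
                 <td>
                   <span class="entryName">attrValue</span>
                   : <span class="type">goog.labs.html.AttributeValue</span>
                   <div class="entryOverview">a decoded attribute value.</div>
                 </td>
               </tr>
             </table>
           </div>

           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span class="type">goog.html.SafeUrl </span><span>&nbsp;|&nbsp;</span><span class="type"> null</span>&nbsp;
             a URL that is equivalent to the input, or <code>null</code> if the
             input is not a safe URL.
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line368">code &raquo;</a>
       </td>
     </tr>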


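     <!-- createBlankObject_: private entry that builds the prototype-less
          object used for whitelist lookups, so members inherited from
          Object.prototype cannot be mistaken for whitelist entries. -->
     <tr class="even entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.createBlankObject_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">createBlankObject_<span class="args">()</span>
           </span>
           &#8658; <span>!</span><span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/Object">Object</a></span>.&lt;<span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>,<span>?</span><span class="type"> </span>&gt;
         </div>

         <div class="entryOverview">
           A new object that is as blank as possible.

           Using <code>Object.create</code> to create an object with
           no prototype speeds up whitelist access, since there are fewer prototypes
           to fall back to in the common case where an element is not in the
           white-list, and reduces the chance of confusing a member of
           <code>Object.prototype</code> with a whitelist entry.
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span>!</span><span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/Object">Object</a></span>.&lt;<span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>,<span>?</span><span class="type"> </span>&gt;&nbsp;
             a reference to a newly allocated object that
             does not alias any reference that existed prior.
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line254">code &raquo;</a>
       </td>
     </tr>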


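     <!-- defaultRewriterForAttr_: private entry that picks the baseline value
          rewriter for an attribute name. The overview calls these properties
          minimal: URL attributes get a protocol check, and CSS and event
          handler attributes are refused outright. -->
     <tr class="odd entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.defaultRewriterForAttr_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">defaultRewriterForAttr_<span class="args">(<span class="arg">attrName</span>)</span>
           </span>
           &#8658; <span class="type">goog.labs.html.AttributeRewriter</span>
         </div>

         <!-- Each paragraph is closed where it ends; the two stray closing
              tags that followed the text are gone. -->
         <div class="entryOverview">
           Given an attribute name, returns a value rewriter that enforces some
           minimal safety properties.

           <p>
           For URL attributes, it checks that any protocol is in a safe set that
           doesn't allow script execution.
           </p>
           <p>
           It also blanket disallows CSS and event handler attributes.
           </p>
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Arguments: </b>
             <table class="horiz-rule">
               <tr class="even">
                 <td>
                   <span class="entryName">attrName</span>
                   : <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>
                   <div class="entryOverview">lower-cased attribute name.</div>
                 </td>
               </tr>
             </table>
           </div>

           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span class="type">goog.labs.html.AttributeRewriter</span>&nbsp;
             <span class="nodesc">No description.</span>
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line348">code &raquo;</a>
       </td>
     </tr>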


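     <!-- disallow_: private entry with no description in the generated docs.
          NOTE(review): the declared return type is null, so it presumably
          rejects every attribute value it is given; confirm in sanitizer.js. -->
     <tr class="even entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.disallow_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">disallow_<span class="args">(<span class="arg">x</span>)</span>
           </span>
           &#8658; <span class="type">null</span>
         </div>

         <div class="entryOverview">
           <span class="nodesc">No description.</span>
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Arguments: </b>
             <table class="horiz-rule">
               <tr class="even">
                 <td>
                   <span class="entryName">x</span>
                   : <span class="type">goog.labs.html.AttributeValue</span>
                   <div class="entryOverview"><span class="nodesc">No description.</span></div>
                 </td>
               </tr>
             </table>
           </div>

           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span class="type">null</span>&nbsp;
             <span class="nodesc">No description.</span>
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line292">code &raquo;</a>
       </td>
     </tr>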


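     <!-- isValidHtmlName_: private entry that decides which element and
          attribute names may be used as white-list keys. Only lower-case
          names qualify; defaultRewriterForAttr_ likewise documents its
          argument as a lower-cased attribute name. -->
     <tr class="odd entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.isValidHtmlName_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">isValidHtmlName_<span class="args">(<span class="arg">name</span>)</span>
           </span>
           &#8658; <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/Boolean">boolean</a></span>
         </div>

         <div class="entryOverview">
           HTML element and attribute names may be almost arbitrary strings, but the
           sanitizer is more restrictive as to what can be white-listed.

           Since HTML is case-insensitive, only lower-case identifiers composed of
           ASCII letters, digits, and select punctuation are allowed.
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Arguments: </b>
             <table class="horiz-rule">
               <tr class="even">
                 <td>
                   <span class="entryName">name</span>
                   : <span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/String">string</a></span>
                   <div class="entryOverview"><span class="nodesc">No description.</span></div>
                 </td>
               </tr>
             </table>
           </div>

           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span class="type"><a href="https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Objects/Boolean">boolean</a></span>&nbsp;
             true iff name is a valid white-list key.
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line270">code &raquo;</a>
       </td>
     </tr>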


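     <!-- valueIdentity_: private entry with no description in the generated
          docs. NOTE(review): the name and the matching argument and return
          types suggest it hands the attribute value back unchanged; confirm
          in sanitizer.js before relying on it as a pass-through rewriter. -->
     <tr class="even entry private">
       <td class="access"></td>

       <td>
         <a name="goog.labs.html.Sanitizer.valueIdentity_"></a>

         <div class="arg">
           <!-- blank.gif is presumably a spacer, so it gets an empty alt text. -->
           <img align="left" src="static/images/blank.gif" alt="">

           <span class="entryNamespace">goog.labs.html.Sanitizer.</span><span class="entryName">valueIdentity_<span class="args">(<span class="arg">x</span>)</span>
           </span>
           &#8658; <span class="type">goog.labs.html.AttributeValue</span>
         </div>

         <div class="entryOverview">
           <span class="nodesc">No description.</span>
         </div>

         <!-- Method details -->
         <div class="entryDetails">
           <div class="detailsSection">
             <b>Arguments: </b>
             <table class="horiz-rule">
               <tr class="even">
                 <td>
                   <span class="entryName">x</span>
                   : <span class="type">goog.labs.html.AttributeValue</span>
                   <div class="entryOverview"><span class="nodesc">No description.</span></div>
                 </td>
               </tr>
             </table>
           </div>

           <div class="detailsSection">
             <b>Returns:</b>&nbsp;<span class="type">goog.labs.html.AttributeValue</span>&nbsp;
             <span class="nodesc">No description.</span>
           </div>
         </div>
       </td>

       <td class="view-code">
         <a href="local_closure_goog_labs_html_sanitizer.js.source.html#line282">code &raquo;</a>
       </td>
     </tr>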


  </table>
</div>






      <!-- Column 1 end -->
    </div>

        <!-- Right-hand column holding two panels that are empty in the markup.
             NOTE(review): presumably filled in by static/js/doc.js, with the
             custom rootPath/current attributes as its inputs; confirm there.
             NOTE(review): the id "ref-head" appears on both headings, but ids
             should be unique per document; check doc.css and doc.js before
             renaming either one. -->
        <div class="col2">
          <!-- Column 2 start -->
          <div class="col2-c">
            <h2 id="ref-head">Directory html</h2>
            <div id="localView"></div>
          </div>

          <div class="col2-c">
            <h2 id="ref-head">File Reference</h2>
            <div id="sideFileIndex" rootPath="" current="/goog/labs/html/sanitizer.js"></div>
          </div>
          <!-- Column 2 end -->
        </div>
</div>
</div>

</body>
</html>
